TLS, Transport Layer Security

Protocol suite:	TCP/IP.
Type:	Application layer protocol.
Related protocols:	DTLS, Datagram Transport Layer Security.
MIME subtype:
SNMP MIBs:
Working groups:	tls, Transport Layer Security.
Links:	TLS parameters. Extensions. OpenSSL.

RFC 4346:

The primary goal of the TLS Protocol is to provide privacy and data integrity between two communicating applications. The protocol is composed of two layers: the TLS Record Protocol and the TLS Handshake Protocol. At the lowest level, layered on top of some reliable transport protocol, is the TLS Record Protocol. The TLS Record Protocol provides connection security.

TLS is based on the SSL 3.0 protocol as published by Netscape.

A single TLS record may be up to 16384 bytes in length.

A TLS message may span multiple TLS records.

A TLS certificate message may in principle be as long as 16MB.

Extension types:

Type	Description	References
0	server_name	RFC 4366
1	Maximum fragment length.	RFC 4366
2	client_certificate_url	RFC 4366
3	trusted_ca_keys	RFC 4366
4	Truncated HMAC.	RFC 4366
5	status_request	RFC 4366
6	user_mapping	RFC 4681
7
8
9	cert_type
10	elliptic_curves	RFC 4492
11	ec_point_formats	RFC 4492
12	srp
13 - 34
35	SessionTicket TLS	RFC 4507

Glossary:

RFCs:

[RFC 2595] Using TLS with IMAP, POP3 and ACAP.

[RFC 2712] Addition of Kerberos Cipher Suites to Transport Layer Security (TLS).

[RFC 2716] PPP EAP TLS Authentication Protocol.

[RFC 2817] Upgrading to TLS Within HTTP/1.1.

Updates:
RFC 2616.

[RFC 2818] HTTP Over TLS.

[RFC 3268] Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS).

[RFC 3436] Transport Layer Security over Stream Control Transmission Protocol.

[RFC 3749] Transport Layer Security Protocol Compression Methods.

[RFC 3943] Transport Layer Security (TLS) Protocol Compression Using Lempel-Ziv-Stac (LZS).

Category: Informational.
Defines TLS compression method 64 (LZS compression).

[RFC 4132] Addition of Camellia Cipher Suites to Transport Layer Security (TLS).

Category: Standards Track.

[RFC 4162] Addition of SEED Cipher Suites to Transport Layer Security (TLS).

Category: Standards Track.

[RFC 4217] Securing FTP with TLS.

Category: Standards Track.
Updates FTP to support TLS.

[RFC 4261] Common Open Policy Service (COPS) Over Transport Layer Security (TLS).

Category: Standards Track.
Defines COPS object class = 16, type = 2 (Integrity-TLS).
Updates:
RFC 2748.

[RFC 4279] Pre-Shared Key Ciphersuites for Transport Layer Security (TLS).

Category: Standards Track.

[RFC 4346] The Transport Layer Security (TLS) Protocol Version 1.1.

Category: Standards Track.
Defines TLS version 1.1.
Obsoletes:
RFC 2246.
Updated by:
RFC 4366.

[RFC 4366] Transport Layer Security (TLS) Extensions.

Category: Standards Track.
Obsoletes:
RFC 3546.
Updates:
RFC 4346.
Defines TLS extension types 0 through 9.

Publications:

[ISBN 0201615983] SSL and TLS: Designing and Building Secure Systems.

Obsolete RFCs:

[RFC 2246] The TLS Protocol Version 1.0.

Category: Standards Track.
Obsoleted by:
RFC 4346.
Defines TLS version 1.0.

[RFC 3546] Transport Layer Security (TLS) Extensions.

Category: Standards Track.
Obsoleted by:
RFC 4366.
Defines MIME media subtype application/pkix-pkipath.
Updates:
RFC 2246.